Welcome to MagicBOFs, a small set of Beacon Object Files (BOFs) with a Magic: The Gathering theme that I developed over time.
I've always thought it was interesting that Sliver C2 was named after the Slivers in MTG, even before I started playing the game. Now that I've gotten into Magic: The Gathering, I thought it would be fun to apply that theme to BOFs.
Mapping BOFs to spells or sorceries from MTG just makes sense to me, and I'll be adding more to this collection over time. Each one will likely take on some flavor of the MTG world: nothing too serious, just a naming scheme I find funny.
A BOF for triaging whether a user account might be a honeypot in Active Directory, using the ADSI (Active Directory Service Interfaces) API. Handy if you stumble upon suspicious credentials or roastable users.
A BOF that acts as a lightweight implementation of curl, allowing you to peek at remote services without opening a SOCKS proxy. It can be used to inspect HTTP response headers and TLS certificates, making it useful for detecting if certificates have been swapped out or intercepted.
A BOF that removes RDP session limits by dynamically patching termsrv.dll in memory, allowing multiple users to RDP into a machine at the same time.
Shoutout to:
- Benjamin Delpy (@gentilkiwi) for ts::multirdp in Mimikatz
- @S3cur3Th1sSh1t for porting the patch to tspatch.c